IIS 7 and Above
System.Web.SessionState.HttpSessionState not avilable for request mad...
Last post Sep 10, 2009 05:27 PM by darwaish
Apr 03, 2007 06:37 AM|mehuls|LINK
I am developing a managed module that can run for requests made to unmanaged content on IIS 7.0. In this module I am using the System.Web.SessionState.HttpSessionState object
to check if the session assosciated with the rquest is newly created session or not.
The isssue I am facing is,the System.Web.SessionState.HttpSessionState is not available for request made to unmanaged content.
The HttpSessionState object is avilable for request made to managed content.The problem is with the request made to unmanaged content.
Any inputs on this would be very helpful.
Apr 03, 2007 04:36 PM|anilr|LINK
Apr 04, 2007 08:33 AM|ankitasdeveloper|LINK
Which module is responsible for mapping ASP.NET session to a request?
Setting the runAllManagedModulesForAllRequests attrubute to ture, makes all managed module to execute for all requests. But it does not work and we can't get session object for *.jpg files (Session is null). It works for *.aspx requests only.
I tried removing preCondition of System.Web.SessionState.SessionStateModule, still it didn;t work.
Apr 04, 2007 06:20 PM|mvolo|LINK
While Anil is right about removing the precondition for the SessionStateModule, the trick is in how SessionStateModule determines whether a particular request requires session state or not (since session state is pretty expensive to get on each request,
particularly when using OOB session state).
One of the things that the module checks is that the handler implements IRequiresSessionState interface. For unmanaged requests, there is no ASP.NET handler set on the request, so no session state is fetched.
You can learn more about the session state module here:
To fake out the module into getting you the session state anyway, just set HttpContext.Handler to a dummy IHttpHandler class that implements IRequiresSessionState (you'll have to write one, but you wont have to implement ProcessRequest - it will never be
called). Do this in PostMapRequestHandler, and only when HttpContext.Handler is already null (meaning ASP.NET wont be called for the handler). You can then remove your handler in PostAcquireRequestState, after the session state module has made its determination.
Apr 14, 2007 02:19 PM|tdjastrzebski|LINK
Thank you, Mike. You help me to find a solution I was seeking for 3 days already!
Dec 24, 2007 03:05 AM|hla|LINK
This brought me also the solution I was looking for. Thanks!
Only one problem was left for me. I had to do the same thing in 1.1, but this older framework version doen't provide the PostMapRequestHandler. The problem is were to set the dummy IHttpHandler. The solution is to set the Handler just like you would do
it in the web.config (Example: <add verb="*" path="*.divx" type=".....DummyHandlerWithSession,....." /> and then removing the handler like described above.
Sep 06, 2009 11:34 AM|darwaish|LINK
Sep 08, 2009 05:16 PM|anilr|LINK
Why do you need to enable session state for content authorization?
Sep 08, 2009 05:28 PM|darwaish|LINK
Sep 10, 2009 05:19 PM|anilr|LINK
Ok, looks like using session is the best way here.
From the symptoms, sounds like you may have some request which is not releasing the session in a timely manner - I would suggest using failed request tracing to see what requests you are seeing with particular session-id and whether any of them are holding
on to the session indefinitely.
Sep 10, 2009 05:27 PM|darwaish|LINK